fc46a61733
Update Readme.md
2015-10-05 09:22:02 +02:00
8b917e6625
Update Readme.md
2015-10-05 09:19:11 +02:00
a0d634f94a
- ouput corrections for BEAST
2015-10-04 12:32:29 +02:00
41bc2fb70c
- regression wrt what_dh
2015-10-03 00:14:52 +02:00
2fe8fc95fa
Readme: add link(s) to external contrib, such as docker images
2015-10-01 21:39:09 -04:00
5d230edb3a
Merge branch 'master' of github.com:drwetter/testssl.sh
2015-10-01 13:29:25 +02:00
f3cef41053
- some speed improvements (sed, tr --> bash internal s'n'r)
...
- revamped BEAST a bit: availablity of higher protocols lead now to yellow color, see #208
- Fixed error in BEAST (no higher protos led to no message)
- made BEAST it faster: one check for protocol ssl3+tls1 upfront, see #208
2015-10-01 13:27:14 +02:00
8648398094
Update CREDITS.md
2015-10-01 13:19:15 +02:00
fd256a74b1
Merge pull request #207 from typingArtist/beast
...
Fix CBC cipher selection for BEAST detection
2015-10-01 11:51:16 +02:00
2ca6c2b0dc
improved variable naming, scope and worked around length limitation of cipher list, as suggested by @drwetter
2015-09-30 14:54:39 +02:00
449aada392
fix CBC cipher selection
...
CBC cipher selection is not so easy using the openssl tool alone. Selecting the cipher based on the string CBC occuring in it would be right if it’s
about the RFC name of the cipher but not so with the openssl naming. Since CBC ciphers are not going to be continued anyway, I think it’s safe to take
a static list. However, it’s easy to extract it from the cipher list in openssl-rfc.mapping.html, but we certainly don’t want to require that file to
be shipped all the time.
2015-09-30 12:44:27 +02:00
1c1eaa53d8
- fix for renamed http_header function
2015-09-29 18:47:49 +02:00
cac49cb1f1
- "--file" implicitly does "--warnings=batch"
...
- "--file" works now fine with equal sign
- fixed load balancer issue where header request stalled and testssl.sh consequently too
- http_date needed to be changed too because of that
- needed to estimate then the http_date when request was killed (HAD_SLEPT)
will Mr. Spock like this??
- fixed load balancer issue where header request for breach test stalled and thus an error was displayed
- code improvements
2015-09-28 22:54:00 +02:00
251e09bb4e
IPv6
2015-09-26 23:00:41 +02:00
feaef680aa
- IPv6 #11 is 80% working (whohoo!). Needed is an openssl capable IPv6 and HAS_IPv6=true in the environment
...
- FIX #191
2015-09-26 22:44:33 +02:00
cc81642ee3
- #FIX 202 (EV detection from TERENA/Digicert)
2015-09-25 14:35:42 +02:00
a2efc201b7
- added a failure condition for trust check
2015-09-24 09:10:43 +02:00
06466cca92
- proxy in determine_trust was missing
2015-09-23 09:03:47 +02:00
bdd6856de8
Update Readme.md
2015-09-22 20:17:06 +02:00
bf54d9ef3d
Merge branch 'master' of github.com:drwetter/testssl.sh
2015-09-22 20:09:41 +02:00
0b1e573fc9
- FIX #190 : Server temp key backport for RH-ish systems works now automagically
...
- just to be sure there's a cmd line flag --has-dhbit / env HAS_DH_BITS
- some reordering
2015-09-22 20:09:26 +02:00
95b6d59b7c
Update Readme.md
2015-09-22 17:54:25 +02:00
faa6de312d
Merge branch 'master' of github.com:drwetter/testssl.sh
2015-09-22 17:15:08 +02:00
4b57a22f6e
- FIX #198 (date env problem under BSD and maybe others)
2015-09-22 17:14:36 +02:00
fb565ac78e
See #97
2015-09-22 16:39:09 +02:00
1668daa04e
- NEW: chain of trust -- for openssl 1.0.2 only
...
- FIX #97
2015-09-22 15:05:59 +02:00
3eeb1f9d9d
- check whether dig, host or nslookup is there. The error message is now describing the cause
2015-09-21 16:43:47 +02:00
23802e219d
- #FIX 197
...
- renamed a variable
2015-09-21 14:03:48 +02:00
6406e1828d
- minor polish of output
2015-09-19 15:03:40 +02:00
413b64c44a
- fixed proxy name resolution and make it more robust
...
- additional line if a proxy is used above rDNS
2015-09-18 15:12:01 +02:00
fc3f711b4c
Need to reflect the new master
2015-09-17 15:33:41 +02:00
945d26d222
- changed version number
...
- retabed to five spaces
2015-09-17 15:30:15 +02:00
4cee5c21c0
Running 2.6. now
2015-09-16 14:58:28 +02:00
58096d6633
2.6 release
2015-09-15 08:49:00 +02:00
467988fb0a
- improved resilience in cipher order check
...
- improved also there compatibility with intolerant IIS6 servers
2015-09-14 12:54:54 +02:00
09c06e0ffa
Update Readme.md
2015-09-14 11:21:24 +02:00
a2ba43ec78
- litemagenta should be used for not fatal conditions / magenta for fatal conditions (prg terminates then)
2015-09-14 11:12:37 +02:00
9b08cb7584
- FIX /workaround for #188 ( https://github.com/drwetter/testssl.sh/issues/188 )
...
- bumped up version to rc4
2015-09-14 11:03:10 +02:00
a9f231b3ff
- fix where an $PID"ERRFILE" was written
2015-09-09 16:41:32 +02:00
d28317f2d0
- exit code always 0 unless an error occured
...
- enable devel feaure of SSLv2 via socket
2015-09-08 19:30:03 +02:00
566a059250
- fix for issue when a non-HTTP service indicates a misleading non-match of certificate
...
- wildcard check
2015-09-06 18:21:08 +02:00
b9bfa2355a
fix for scott helme's multiple keys ( https://scotthelme.co.uk/hpkp-toolset )
2015-09-04 14:19:06 +02:00
422b4d511a
minor cleanups for finding openssl binaries
2015-09-04 10:04:56 +02:00
13b4497e8e
Rename old.CHANGELOG.txt to CHANGELOG.stable-releases.txt
2015-09-03 15:15:36 +02:00
32e471c856
Update old.CHANGELOG.txt
2015-09-03 15:14:14 +02:00
35a69642ed
Update Readme.md
2015-09-03 15:09:03 +02:00
02800c78d9
Merge branch 'master' of github.com:drwetter/testssl.sh
2015-09-03 13:26:42 +02:00
6a036cd7d4
removed hardcoded obsolete paths for binaries
2015-09-03 13:26:02 +02:00
a84562c678
Update Readme.md
2015-09-03 13:20:52 +02:00
4ec089b508
- remove double binaries
2015-09-03 13:11:57 +02:00
Dirk Wetter
Paul Morgan
typingArtist